The NIST definition of a cyber incident, as given in FIPS PUB 200, Minimum Security Requirements for Federal Information and Information Systems, is electronic communications between systems, or between systems and people, that impact Confidentiality, Integrity, and/or Availability. The incident doesn't have to be malicious or targeted to be a cyber incident.

The NIST Cyber Security Framework completely lacks any mention of application security. We predict that organizations will likewise adopt the framework with scant attention paid to secure software, which will lull them into a false sense of security.

Given the pace that both government and the private sector are migrating mission-critical operations to managed service providers, should NIST take steps to identify Cloud-based offerings as part of the nation’s critical infrastructure?

An information security training program is crucial for ensuring and maintaining a good security posture; in order to effectively manage this program you have to be able to measure it. This article introduces a concept recommended by NIST in their Special Publication 800-16, for evaluating training effectiveness.

EMC's RSA security unit sent an advisory to their developer customers warning against use of a toolkit that by default employs a NIST encryption algorithm suspected to have been "backdoored" by the NSA.

A new guide from the National Institute of Standards and Technology (NIST) describes a "scoring system" that computer security managers can use to assess the severity of security risks arising from software features that are designed under an assumption that users are operating these features as intended...

The objective of this RFI is to learn more about how government can further leverage the key characteristics and advantages of cloud computing to save money and increase IT efficiencies. CSBs are one concept that GSA is exploring, and this RFI contains questions specific to cloud brokerages...

"Companies will be able to tailor these generic test criteria to their own systems. To make it an effective framework, we made sure that it contains consistent, repeatable tests they can run, producing documentation that contains adequate, accurate information regardless of the individual system..."

The document is the next step toward updating Federal Information Processing Standard (FIPS) 201. Among its requirements are that all PIV cards contain an integrated circuit chip, a personal identification number and protected biometric data—a printed photograph and two electronically stored fingerprints...

In this first NIST 'Big Data' workshop, key national priority topics will be explored, including examples from science, health, disaster management, security, and finance. At the same time, topics in emerging technology areas including analytics and architectures will also be discussed...

The workshop’s goal is to introduce the center, which will bring together experts from industry, government and academia to develop practical, interoperable cybersecurity approaches that address the real-world needs of complex IT systems...

Under Secretary of Commerce for Standards and Technology and NIST Director Patrick Gallagher has selected William M. Holt, senior vice president and general manager of Intel Corporation's Technology and Manufacturing Group, to serve on the Visiting Committee on Advanced Technology (VCAT)...

The HIPAA Security Rule sets federal standards to protect the confidentiality, integrity and availability of electronic protected health information by requiring HIPAA covered entities and their business associates to implement and maintain administrative, physical and technical safeguards...

NIST seeks to engage all stakeholders to identify the available and needed technologies and tools to recognize, prevent, and remediate botnets; explore current and future efforts to develop botnet metrics and methodologies for measuring and reporting botnet metrics over time...

The DOE collaborated with the NIST and NERC to release a second draft of the Electricity Sector Cybersecurity Risk Management Process guideline, designed with the idea that cybersecurity risk management should be driven by the business needs of the company...